top of page
  • Tim Burns

When a Secret is No Longer a Secret

Least Privilege on Shared Systems

Photo by Ben White on Unsplash

Extending secure access on a heterogeneous system can be complex. One component of the system may have access to a secret, but another may not. And, of course, when a secret gets out, it isn't a secret anymore.

I'm designing a secret system on a third-party data integration tool and I ran across this article.

Important takeaways:

  • Encrypt secrets

  • Without giving containers and services an identity, it is not possible to protect and restrict access to secrets with access control policies

  • Give identity to only the project that needs the resource, not the whole environment

  • Use ephemeral resources to pass secrets (like environment variables)

  • Give the ephemeral resources hard-to-guess names - MY_SECRET:(some md5 hash)

  • Keep track of who knows your secrets

10 views0 comments

Recent Posts

See All

It is Martin Luther King day, and I am fortunate to have a holiday. However, I haven't lost sight of my goal of becoming an entrepreneur and founding a startup, so I'm reading The Lean Startup. Chapte

We swore in new deacons today at church, and the charge to the deacons resonated as a charge we can take for any leadership vocation. Speak the truth to us. Trust us. Inform us. Work diligently wi

Post: Blog2_Post
bottom of page